Lack of control of express application root

We wanted to put some config dynamically into the client side app (not in the webpack bundle) by templating it into the index.html

We wanted to add NewRelic reporting of errors that caught by the top level express and Apollo error handlers

We wanted to turn off the REST routes and GraphQL resolvers that we don't use in order to minimise our API surface area

Each of these would have been easy if we controlled the root of the express app. But since it is in pubsweet-server, we have to find workarounds. In the last case, the workaround we have found is to have () => false as our authsome mode. It makes it easy to disable all built in routes and resolvers but it also makes it harder for us to use authsome for other purposes.

I've been doing some on-boarding and handovers recently which has highlighted to me that the current system is somewhat confusing. The core of our application lives in a plugin which gets loaded by pubsweet-server which also comes with a lot of unused (by us) functionality. Allowing PubSweet apps to own the express root would allow us to build up the server more naturally through composition of only the features we use. It would obviate the need for the current plugins system although this could be kept for future pubsweet install X type functionality.